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Sir: 

This appeal is from the decision of the Examiner, in an Office Action mailed 
February 28, 2005, finally rejecting claims 1-10. 

REAL PARTY IN INTEREST 

The real party in interest is Hewlett-Packard Development Company, LP, a 
limited partnership established under the laws of the State of Texas and having a principal 
place of business at 20555 S.H. 249 Houston, TX 77070, U.S.A. (hereinafter "HPDC"). 
HPDC is a Texas limited partnership and is a wholly-owned affiliate of Hewlett-Packard 
Company, a Delaware Corporation, headquartered in Palo Alto, CA. The general or 
managing partner of HPDC is HPQ Holdings, LLC. 


Docket No. 10992790-1 

2 

RELATED APPEALS AND INTERFERENCES 

Applicants representative has not identified, and does not know of, any other appeals 
of interferences which will directly affect or be directly affected by or have a bearing on the 
Board's decision in the pending appeal. 

STATUS OF CLAIMS 

Claims 1-10 are pending in the application. Claims were finally rejected in the Office 
Action dated February 28, 2005. Applicant's appeal the final rejection of claims 1-10, which 
are copied in the attached CLAIMS APPENDIX. 

STATUS OF AMENDMENTS 

No Amendment After Final is enclosed with this brief. The last Response was filed 
September 7, 2004. 

SUMMARY OF CLAIMED SUBJECT MATTER 

The current application is directed towards a method for securing control- 
device-logical-unit ("CDLUN") operations within a disk-array controller (206 in Figure 2), or 
in other mass-storage-device controllers, invoked by remote host computers. As explained in 
the current application in the two paragraphs beginning on line 27 of page 4, a CDLUN is 
essentially a type of virtual LUN provided by a mass-storage controller to allow remote, host 
computers to invoke controller functionality involving multiple LUNs. As explained in the 
current application, beginning on line 16 of page 3, a LUN, or logical unit, represents some 
portion of the storage capabilities of a mass-storage-device, and a disk-array controller, or 
other mass-storage-device controller, provides LUNs (208—215 in Figure 2) as interfaces to 
the various portions, or partitions, of mass-storage space (203-205 in Figure 2) within a mass- 
storage device (202 in Figure 2). Certain operations, such as LUN mirroring, involve 
multiple LUNs. The CDLUN was devised as a target for addressing requests by remote host 
computers to a mass-storage-device controller for multi-LUN, or multi-partition, operations, 
such as a request to mirror one LUN to a different LUN, and for other mass-storage-device 
controller operations. 

Although CDLUNs serve admirably in the capacity intended, an additional 
problem was subsequently discovered. In general, access to individual LUNs, and to 
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operations carried out with respect to individual LUNs, is controlled by various security 
mechanisms. For example, a remote host computer storing sensitive data on a particular 
LUN of a disk array generally arranges for the LUN storing sensitive data to be at least write- 
protected, and often both read-protected and write-protected, so that only the remote host 
computer, and no other remote host computer, can access the sensitive data. These security 
mechanisms are easily extended to CDLUNs. Thus, for example, only authorized remote 
host computers can request mirroring operations through a particular CDLUN. However, 
these security mechanisms have proven to be inadequate to prevent unauthorized access to 
individual LUNs as a result of multi-LUN operations requested through CDLUNs. For 
example, although remote host computer A may have neither read nor write access to LUN 
X, remote host computer A may still alter the contents of LUN X by, for example, requesting 
that LUN Y be mirrored to LUN X by sending a multi-LUN request to a CDLUN to which 
remote host computer A is authorized to send multi-LUN requests. Embodiments of the 
present invention address this potential security and access problem, and other related 
problems. 

Independent claim 1, and dependent claims 2-5 that depend from claim 1, 
claim a method for authorizing access by remote entities to logical units provided by a mass 
storage device. The method includes steps of: (1) providing an access table that includes 
entries that each represents authorization of a particular remote entity to access a particular 
logical unit; (2) providing a supplemental access table that includes entries that each 
represents authorization of a particular control device logical unit to access a particular 
logical unit; and (3) when a remote entity requests execution of an operation directed to a 
specified control device logical unit and involving one or more additional specified logical 
units, authorizing the request for execution of the operation only when an entry currently 
exists in the access table that represents authorization of the remote entity to access the 
specified control device logical unit and, for each of the one or more additional specified 
logical units, an entry exists in the supplemental access table that represents authorization of 
the specified control device logical unit to access the additional specified logical unit. 

Independent claim 6, and dependent claims 7-10 that depend from claim 6, 
claim an authorization system for authorizing access by remote entities to logical units 
provided by a mass storage device. The claimed authorization system includes: (1) a request 
detecting component that detects requests for execution of an operation generated by a 
remote entity; (2) an access table that includes entries that each represents authorization of a 
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particular remote entity to access a particular logical unit; (3) a supplemental access table that 
includes entries that each represents authorization of a particular control device logical unit to 
access a particular logical unit; and (4) control logic that authorizes a request made by a 
remote entity, detected by the request detecting component, directed to a specified control 
device logical unit and involving one or more additional specified logical units only when an 
entry exists in the access table that represents authorization of the remote entity to access the 
specified control device logical unit and, for each of the one or more additional specified 
logical units, an entry exists in the supplemental access table that represents authorization of 
the specified control device logical unit to access the additional specified logical unit. 

GROUNDS OF REJECTION TO BE REVIEWED ON APPEAL 

1. Whether claims 1-2, 4, 6-7, and 9 are unpatentable under 35 U.S.C. 103(a) over 
Tulloch, "Administering Internet Information Server 4," New York, McGraw-Hill 
Professional, 1998, ISBN: 0072128232 ("Tulloch"). 

2. Whether claims 3, 5, 8, and 10 are unpatentable under 35 U.S.C. § 103 (a) over 
Tulloch in view of "Microsoft Windows NT Server, Resource Guide," Microsoft Press, 1996, 
ISBN: 1,57231,344,7 ("Windows NT"). 

3. Whether claims 1-4 and 6-9 are unpatentable under 35 U.S.C. § 103 (a) over Sicola et 
al„ U.S. Patent No. 6,356,979 ("Sicola") in view of Schultz, "Windows NT/2000 Network 
Security," First Edition, ISBN: 1,57870,253,4, August 2000 ("Schultz"). 

ARGUMENT 

Claims 1-10 are currently pending in the application. In an Office Action 
dated February 28, 2005 ("Office Action"), the Examiner maintained rejections of claims 1-2, 

4. 6-7, and 9 under 35 USC. § 103(a) as obvious over Tulloch, maintained rejections of 
claims 3, 5, 8, and 10 under 35 U.S.C. § 103 (a) as being unpatentable over Tulloch in view 
of Windows NT, and maintained rejections of claims 1-4 and 6-9 under 35 USC § 103(a) as 
being unpatentable over Sicola in view of Schultz. Applicants' representative respectfully 
traverses 35 USC § 103(a) rejections, for reasons provided below. 
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ISSUE 1 

1. Whether claims 1-2, 4, 6-7, and 9 are unpatentable under 35 U.S.C. 103(a) over 
Tulloch, "Administering Internet Information Server 4." New York, McGraw-Hill 
Professional, 1998, ISBN: 0072128232 f'Tulloch"). 

Claim 1 is representative of the current claims. As carefully explained in the 
current application, the method of Claim 1 is directed to securing access by remote entities, 
such as host computers, to logical units provided by a mass storage device, such as a disk 
array: 

Claim 1 is provided below, for the Examiner's convenience: 

1. (original) A method for authorizing access by remote 
entities to logical units provided by a mass storage device 
comprising: 

providing an access table that includes entries that each 
represents authorization of a particular remote entity to access a 
particular logical unit; 

providing a supplemental access table that includes entries 
that each represents authorization of a particular control device 
logical unit to access a particular logical unit; and 

when a remote entity requests execution of an operation 
directed to a specified control device logical unit and involving one 
or more additional specified logical units, authorizing the request for 
execution of the operation only when an entry currently exists in the 
access table that represents authorization of the remote entity to 
access the specified control device logical unit and, for each of the 
one or more additional specified logical units, an entry exists in the 
supplemental access table that represents authorization of the 
specified control device logical unit to access the additional specified 
logical unit. 

As clearly claimed in claim 1, an access table is provided to contain and 
represent authorizations of particular remote entities to access particular logical units. As 
clearly claimed in claim 1, a supplemental access table is also provided for containing, or 
representing, authorizations of particular CDLUNs to access LUNS. In a sense, the 
supplemental access table controls internal access of the disk-array controller, or other mass- 
storage-device controller, to logical units provided by the mass-storage-device controller. 
The supplemental access table involves controlling internal accesses by a disk-array 
controller to disk-array resources on behalf of requesting remote computers. As clearly 
claimed in claim 1 , when a remote entity requests a multi-LUN operation through a CDLUN, 
authorization for the requested operation is granted only when access to the CDLUN is 
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authorized through the access table, and access to the LUNs involved in the multi-LUN 
request is authorized thorough the supplemental access table entry for the CDLUN to which 
the remote entity addressed the multi-LUN request. Therefore, unlike requests directed to 
LUNs, a request directed to a CDLUN involves a two-step authorization process, involving 
authorization of access to the CDLUN via the access table and authorization of access to the 
multiple LUNs involved in a multi-LUN operation by the CDLUN via the supplemental 
access table. 

Tulloch is unrelated to the method of claim 1 , and unrelated, as well, to claims 
2-10. Tulloch appears to concern techniques for using the NTFS file system under the 
Windows NT operating system to control access by users of the file system to websites, 
virtual directories, and files within a server computer using HTTO, FCP, and TCP protocols. 
Tulloch does not once mention mass-storage device that provide LUN-based interfaces, such 
as disk arrays, does not mention or suggest logical units ("LUNs"), and does not mention or 
suggest CDLUNs. Tulloch appears to discuss only methods by which system administrators 
can control access by users to various files and websites stored on a server computer using 
NTFS, along with a description of user-interface-level access rights and access control lists. 
For example, Tulloch explicitly states, on cited page 152, that access control lists are 
associated with a resource, such as files and folders, and that access control lists specify 
"which users and groups have which kind of access to the resources" (emphasis added). In 
other words, the access control lists map human users of a computer and file system to 
various types of access to file system objects, including directories, files, and folders. There 
is no mention in Tulloch of controlling access by CDLUNs to LUNs within a mass storage 
device, or controlling access to any other construct on a mass storage device to which multi- 
resource-operation requests can be addressed to access multiple resources on the mass storage 
device, or any kind of structure or list having entries that "each represents authorization of a 
particular remote entity to access a particular logical unit" of a mass storage device, as clearly claimed 
in claims 1 and 6. 

The Examiner appears to attempt to draw an analogy between operating- 
system-level and higher level file systems and the mass storage devices discussed in the 
current application, and recited in the current claims. There is no justification for this 
analogy. File systems are high level constructs that are mapped, through many file system 
and operating system layers, to disk drives and other storage devices on a local computer, or, 
in the case of distributed file systems, on both a local computer and remote computers to 
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which the local computer is networked. File systems provide storage and retrieval of user- 
level data in response to user-level commands. The current application, by contrast, 
discusses mass storage devices that are accessed by remote host computers, and that provide 
access to logical units mapped by the mass-storage-device controller to mass storage media 
within the mass storage device. Even were the Examiner's analogy between distributed file 
systems and LUN-based disk-array interfaces to be pressed, there is nothing in the distributed 
file system discussed in Tulloch equivalent to a CDLUN. For such an analogy to hold, the 
distributed file system discussed in Tulloch would need to provide a special type of file on a 
server computer to which a client computer could address multi-file-operation requests. No 
such special type of file is mentioned or suggested in Tulloch. Moreover, Tulloch does not 
mention or suggest a two-step authorization process of any kind, and does not mention a two- 
step authorization process in which a first authorization data structure and a second 
authorization data structure are sequentially accessed, in order to authorize access to a special 
type of file, and, through the special type of file, to two or more different files. Tulloch makes 
no mention or suggestion of a supplemental authorization mechanism of any kind. The 
analogy attempted by the Examiner between files systems and the mass-storage authorization 
methods and systems claimed in the current claims completely fails with respect to the 
CDLUN, supplemental access table, and two-step authorization process recited in the current 
claims. 

LUNs and disk arrays are described and characterized in the Background of 
the Invention section of the current application. An administration interface of a distributed- 
file-system interface provided by a computer operating system to facilitate high-level data 
exchange between client and server computers is discussed in Tulloch. Logical units, 
referred to as LUNs, provided by a disk-array controller are not equivalent to files and folders 
on a server computer, and a file volume on a server computer is not at all equivalent to a 
mass-storage device, such as a disk array. An operating system may implement a file 
system by storing data for a number of files on a particular LUN provided by a mass-storage 
device. An operating system may choose, instead, to store an entire volume, or multiple 
volumes, comprising hundreds, thousands, or millions of files, or even an entire file system 
on a single LUN, or a portion of a single LUN. An operating system may also choose to 
distribute data for a single file or volume across multiple LUNs, and even across multiple 
LUNs distributed across multiple disk arrays. There is neither a mapping, nor reasonable 
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analogy that can be drawn, between LUNs provided by mass storage devices and the files and 

volumes of a file system. 

In sections 5-7 of the Office Action, the Examiner appears to attempt to refute 

Applicants' representative's arguments with respect to Tulloch. The essence of the attempted 

refutations appears to be a belief, by the Examiner, that "Tulloch does teach LUN, CDLUN, 

and an access table" when Tulloch is "considered in the broadest reasonable interpretation," 

and that the Examiner has a rather expansive right to define terms and phrases used in a claim 

independent of the specification, since "[although the claims are interpreted in light of the 

specification, limitations from the specification are not read into the claim." (see sections 5-7 

of the Office Action). However, the Examiner's belief is not supported by statue or case law. 

In Philips v. AWH, decided on July 12, 2005 by the Federal Circuit, an extensive review of 

claim interpretation is provided. In Phillips, the Court states: 

We have frequently stated that the words of a claim "are generally given their 
ordinary and customary meaning." Vitronics, 90 F.3d at 1582 ... We have made 
clear, moreover, that the ordinary and customary meaning of a claim term is the 
meaning that the term would have to a person of ordinary skill in the art in question at 
the time of the invention ... Importantly, the person of ordinary skill in the art is 
deemed to read the claim term not only in the context of the particular claim in which 
the disputed term appears, but in the context of the entire patent, including the 
specification. ... Because the meaning of a claim term as understood by persons of 
skill in the art is often not immediately apparent, and because patentees frequently use 
terms idiosyncratically, the court looks to "those sources available to the public that 
show what a person of skill in the art would have understood disputed claim language 
to mean." . . . Quite apart from the written description and the prosecution history, the 
claims themselves provide substantial guidance as to the meaning of particular claim 
terms. . . . The claims, of course, do not stand alone. Rather, they are part of "a fully 
integrated written instrument," Markman, 52 F.3d at 978, consisting principally of a 
specification that concludes with the claims. For that reason, claims "must be read in 
view of the specification, of which they are part." ... On numerous occasions since 
then, we have affirmed that point, stating that "[t]he best source for understanding a 
technical term is the specification from which it arose . . . Consistent with that general 
principle, our cases recognize that the specification may reveal a special definition 
given to the claim term by the patentee that differs from the meaning it would 
otherwise possess. 

The pertinence of the specification to claim construction is reinforced by the 
manner in which a patent is issued. The Patent and Trademark Office ("PTO") 
determines the scope of claims in patent applications not solely on the basis of the 
claim language, but upon giving claims their broadest reasonable construction "in 
light of the specification as it would be interpreted by one of ordinary skill in the art." 
In re A. Acad ofScl Tech Ctr.. 367 F.3d 1359, 1364 (Fed. Cir. 2004). Indeed, the 
rules of the PTO require that application claims must "conform to the invention as set 
forth in the remainder of the specification and the terms and phrases used in the 
claims must find clear support or antecedent basis in the description so that the 
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meaning of the terms in the claims may be ascertainable by reference to the 
description." 37 C.F.R. § 1.75fdVlV (emphasis added) 

Thus, although a broadest-reasonable-interpretation standard is used for claim construction 
during examination of a patent application, that standard nonetheless is based on interpreting 
claims in the context of the specification and is nonetheless applied from the perspective of 
determining the meaning that words and phrases used in claims would have to one skilled in 
the art. 

Tulloch, as discussed above, does not use the terms "logical unit," "LUN," 

"control device logical unit," or "CDLUN." The current application quite distinctly and 

clearly defines these terms within the context of mass storage devices, such as disk arrays: 

Electronic data is stored within a disk array at specific addressable 
locations. Because a disk array may contain many different individual disk drives, the 
address space represented by a disk array is immense, generally many thousands of 
gigabytes. The overall address space is normally partitioned among a number of 
abstract data storage resources called logical units ("LUNs")* A LUN includes a 
defined amount of electronic data storage space, mapped to the data storage space of 
one or more disk drives within the disk array, and may be associated with various 
logical parameters including access privileges, backup frequencies, and mirror 
coordination with one or more LUNs. LUNs may also be based on random access 
memory ("RAM"), mass storage devices other than hard disks, or combinations of 
memory, hard disks, and/or other types of mass storage devices. Remote computers 
generally access data within a disk array through one of the many abstract LUNs 208- 
215 provided by the disk array via internal disk drives 203-205 and the disk array 
controller 206. (Current application, page 3, lines 16-29) 

To reconcile the fact that a number of operations provided to a 
requesting remote computer by a disk array controller may involve multiple LUNs to 
the fact that, in general, in invoking any particular operation through many current 
disk array controller interfaces, a remote computer must specify a single target LUN, 
a type of virtual LUN known as a control-device LUN ("CDLUN") is provided by 
disk array controllers as part of the interface through which remote computers invoke 
operations. CDLUNs are essentially points of access to various operations provided 
by, and carried out by, a disk array controller. Thus, to specify that a first LUN 
should be mirrored to a second LUN, a remote computer invokes a mirroring 
operation and specifies, as the target of the operation, a particular CDLUN. CDLUNs 
provide indirect memory-mapped access to LUN pair control operations within the 
array. (Current application, page 5, lines 10-21) 

Moreover, claim 1 distinctly and clearly claims "[a] method for authorizing access by remote 
entities to logical units provided by a mass storage device." There is nothing in either the claims or 
the remainder of the specification to suggest that the terms "logical unit," "LUN," "control device 
logical unit," and "CDLUN" can be reasonably interpreted to mean files, file folders, volumes 
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Applicants respectfully submit that all statutory requirements are met and that 


the present application is allowable over all the references of record. Therefore, Applicants 
respectfully requests that the present application be passed to issue. 


Olympic Patent Works PLLC 
P.O. Box 4277 
Seattle, WA 98104 
206.621.1933 telephone 
206.621.5302 fax 


Respectfully submitted, 
Robert Alan Cochran 
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Robert W. Bergstrom 
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CLAIMS APPENDIX 

1 . A method for authorizing access by remote entities to logical units provided 
by a mass storage device comprising: 

providing an access table that includes entries that each represents 
authorization of a particular remote entity to access a particular logical unit; 

providing a supplemental access table that includes entries that each represents 
authorization of a particular control device logical unit to access a particular logical unit; and 

when a remote entity requests execution of an operation directed to a specified 
control device logical unit and involving one or more additional specified logical units, 

authorizing the request for execution of the operation only when an 
entry currently exists in the access table that represents authorization of the remote entity to 
access the specified control device logical unit and, for each of the one or more additional 
specified logical units, an entry exists in the supplemental access table that represents 
authorization of the specified control device logical unit to access the additional specified 
logical unit. 

2. The method of claim 1 wherein the mass storage device includes ports through 
which requests from remote entities are received, and wherein authorizing a request for 
execution is carried out by a controller within the mass storage device, 

3. The method of claim 2 wherein the access table includes entries each 
comprising: 

an indication of a logical unit or control device logical unit; 

an indication of a port; and 

an indication of a remote entity. 

4. The method of claim 2 wherein the supplemental access table includes entries 
each comprising: 

an indication of a control device logical unit; and 
an indication of a logical unit. 
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5. The method of claim 2 wherein the mass storage device is a disk array and 
remote entities are remote computers interconnected with the disk array via a 
communications medium. 

6. An authorization system for authorizing access by remote entities to logical 
units provided by a mass storage device comprising: 

a request detecting component that detects requests for execution of an 
operation generated by a remote entity; 

an access table that includes entries that each represents authorization of a 
particular remote entity to access a particular logical unit; 

a supplemental access table that includes entries that each represents 
authorization of a particular control device logical unit to access a particular logical unit; and 

control logic that authorizes a request made by a remote entity, detected by the 
request detecting component, directed to a specified control device logical unit and involving 
one or more additional specified logical units only when an entry exists in the access table 
that represents authorization of the remote entity to access the specified control device logical 
unit and, for each of the one or more additional specified logical units, an entry exists in the 
supplemental access table that represents authorization of the specified control device logical 
unit to access the additional specified logical unit. 

7. The system of claim 6 wherein the mass storage device includes ports through 
which requests from remote entities are received, and wherein the control logic resides within 
the mass storage device. 

8. The system of claim 7 wherein the access table includes entries each 
comprising: 

an indication of a logical unit or control device logical unit; 

an indication of a port; and 

an indication of a remote entity. 
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9. The system of claim 7 wherein the supplemental access table includes entries 
each comprising: 

an indication of a control device logical unit; and 
an indication of a logical unit. 

10. The system of claim 7 wherein the mass storage device is a disk array and 
remote entities are remote computers interconnected with the disk array via a 
communications medium. 
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RELATED PROCEEDINGS APPENDIX 


None. 
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of distributed file systems, or anything else specific to distributed file systems. The terms 
LUN and CDLUN, and the corresponding phrases "logical unit" and "control logical unit," 
are well known in the context of disk arrays and in the context of other mass storage devices, 
but are not used in the context of file systems constructs. The Examiner cannot simply pick 
and choose words and phrases within the specification and use them to completely redefine 
the meanings of clearly defined terms. Interpreting claim terms and phrases in a fashion that 
is consonant with their clear definitions and use in the specification does not constitute 
importation of limitations from the specification, and is, in fact, required under both case law 
and statute. The purpose of the specification is to provide a written description of an 
invention, including definitions of terms, that forms the basis for interpretation of the claims. 
An applicant necessarily relies on definitions of terms in the specification, because, 
otherwise, the claims would need to be encyclopedic in nature, and would grow to the length 
of entire applications. The Examiner's insistence on reinterpreting claim language to fit the 
cited art is unjustified, and completely contrary to Federal Circuit and Supreme Court 
decisions and Federal statutes. 

In order to establish a prima facie case for obviousness, as stated in MPEP § 
2143, citing In re Vaeck, "[T]he prior art reference (or references when combined) must teach 
or suggest all the claim limitations." Claims 1 and 6 both recite "an access table that includes 
entries that each represents authorization of a particular remote entity to access a particular 
logical unit." Tulloch does not teach, mention, or suggest an access table containing entries that 
represent authorization of a particular remote entity to access a particular logical unit, and 
Tulloch does not teach, mention, or suggest logical units in mass storage devices. 

Claims 1 and 6 both recite "a supplemental access table that includes entries that 
each represents authorization of a particular control device logical unit to access a particular logical 
unit." Tulloch does not teach, mention, or suggest a supplemental access table of any kind. Tulloch 
does not teach any kind of data structure containing entries that represent authorization of a particular 
control device logical unit to access a particular logical unit, and Tulloch does not teach, mention, or 
suggest logical units in mass storage devices or control device logical units. 

Claim 1 recites "authorizing the request for execution of the operation only 
when an entry currently exists in the access table that represents authorization of the remote 
entity to access the specified control device logical unit and, for each of the one or more 
additional specified logical units, an entry exists in the supplemental access table that 
represents authorization of the specified control device logical unit to access the additional 
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specified logical unit" and claim 6 recites "control logic that authorizes a request made by a 
remote entity, detected by the request detecting component, directed to a specified control 
device logical unit and involving one or more additional specified logical units only when an 
entry exists in the access table that represents authorization of the remote entity to access the 
specified control device logical unit and, for each of the one or more additional specified 
logical units, an entry exists in the supplemental access table that represents authorization of 
the specified control device logical unit to access the additional specified logical unit." 
Tulloch does not teach, mention, or suggest a supplemental access table of any kind. Tulloch does not 
teach any kind of data structure containing entries that represent authorization of a particular control 
device logical unit to access a particular logical unit. Tulloch does not teach, mention, or suggest 
logical units in mass storage devices or control device logical units. 

Tulloch is a woefully inadequate basis for an obviousness type rejection of claims 1 
and 6, since Tulloch does not teach, mention, or suggest even a single element of independent claims 
1 and 6. The Examiner has failed to establish a prima facie case for obviousness, and has failed, 
in the rejections of claims 1-2, 4, 6-7, and 9, to cite a single relevant reference. 

ISSUE 2 

2. Whether claims 3, 5. 8, and 10 are unpatentable under 35 U.S.C. $ 103 (a) over 
Tulloch in view of "Microsoft Windows NT Server, Resource Guide," Microsoft Press, 1996, 
ISBN: 1.57231.344/7 fWindows NT"). 

As discussed above, with reference to the first issue, Tulloch is unrelated to 
the subject matter of the current application and to the method and system claimed in the 
current claims. Tulloch appears to be a very high-level overview of administration 
techniques and tools for a distributed file system. The current application is related to 
authorization of access to LUNS provided by a mass storage device. Tulloch contributes 
nothing of relevance to the rejection. 

In rejecting Claims 3, 5, 8, and 10 in Section 9 of the Office Action, the 

Examiner relies on several pages of text from the Windows NT reference. The Windows NT 

reference states, on page 155, that: 

Some vendors sell disk subsystems that implement RAID technology 
completely within the hardware. Some of these hardware 
implementations support hot swapping of disks, which enables you to 
replace a failed disk while the computer is still running Windows NT 
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Server. RAID arrays are not described in this book , (emphasis 
added) 

The current application concerns disk arrays and other mass-storage devices, 
including RAID arrays, but the reference explicitly states that these mass-storage 
devices are not discussed in the reference. Instead, the cited pages of Windows NT 
appear to discuss, at very high level, formatting and partitioning of a disk drive in a 
personal computer for use by the operating system and file system. The cited pages 
of Windows NT do not discuss or suggest access tables for authorization of requests 
or operations directed to a mass storage device, authorization techniques, control 
device logical units, multiple LUN operations, or other elements claimed in the 
current claims. Windows NT, like Tulloch, discusses high level tools and concepts 
related to file systems created and maintained on personal computers and servers, and 
neither discusses, mention, or suggest methods related to, or implementations of, 
control logic and authorization of access to logical units within mass storage devices. 

The Examiner appears to attempt to refute Applicants 1 representatives 
arguments concerning Windows NT in section 8 of the Office Action, advising 
"applicant to consider the Microsoft Press 1 "Planning a Fault-Tolerant Disk 
Configuration" section (pg. 155) as a whole and not just one sentence taken out of 
context." In fact, there is little context to consider on page 155 of Windows NT. The 
reference states that it does not describe the mass storage devices to which the current 
application is related, and mentions that such systems implement fault tolerance in 
hardware. This fact, and the fact that RAID technologies exist, are quite well known, 
and contribute nothing relevant to an obviousness-type rejection of the claimed 
invention. 

In rejecting claims 3, 5, 8, and 10 as being unpatentable under 35 U.S.C. § 103 
(a) over Tulloch in view of Windows NT, the Examiner has failed to establish a prima facie 
case for obviousness. Neither Tulloch, NT Windows, nor a combination of Tulloch and NT 
Windows teaches, mentions, or suggests an access table containing entries that represent 
authorization of a particular remote entity to access a particular logical unit, logical units in mass 
storage devices, "a supplemental access table that includes entries that each represents authorization 
of a particular control device logical unit to access a particular logical unit," a supplemental access 
table of any kind, any kind of data structure containing entries that represent authorization of a 
particular control device logical unit to access a particular logical unit, control device logical units, or 
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a two-step authorization method employing both an access table and a supplemental access table. In 
fact, neither Tulloch, NT Windows, nor a combination of Tulloch and NT Windows teaches, 
mentions, or suggests even a single element of independent claims 1 and 6. 

ISSUE 3 

3. Whether claims 1-4 and 6-9 are unpatentable under 35 U.S.C. § 103 (a) over Sicola et 
ah, U.S. Patent No. 6356.979 f'Sicola") in view of Schultz, "Windows NT/2000 Network 
Security," First Edition, ISBN: 1,57870,253,4, August 2000 ("Schultz"). 

In sections 13-19 of the Office Action, the Examiner rejects Claims 1-4 and 6- 

9 over Sicola in view of Schultz. Sicola discloses control of access by a disk-array controller 

to LUNs within the disk-array controller by remote host computing systems. As clearly 

stated in Sicola in the abstract: 

The configuration table contains an entry for each logical unit which 
the array controller accesses to determine if a particular logical unit 
should communicate with a particular one of the host computing 
systems, an entry for each logical unit which the array controller 
accesses to determine if a particular logical unit should communicate 
with a particular one of the host computing systems using an internal 
offset for a logical unit number, and an entry for each logical unit 
which the array controller accesses to determine if a particular logical 
unit should communicate with a particular one of the host computing 
systems using a predetermined host mode. 

In other words, Sicola discloses an access-table implementation similar to that described in 

the Background of the Invention section of the current application. Sicola' s configuration 

table controls access by remote host computers to individual LUNs within a disk array, as 

clearly stated in Sicola's abstract. In a section of Sicola particularly cited by the Examiner as 

disclosing a supplemental table, Sicola states: 

Figs. 2 and 4B-11B show examples of the data used in a 
configuration table in accordance with the present invention. The 
configuration table includes an entry identifying each logical unit 
(i.e., DO, Dl, D2, D3, etc.), and for each logical unit, a plurality of 
data fields related to that logical unit, such as which host adapters in 
LUN should grant access to and communicate with, any offset for the 
LUN number to be used for a particular host, and any special host 
modes for the particular host adapter. 

In other words, the cited section of Sicola merely restates that portion of Sicola's abstract 
quoted above, which clearly describes the access table used to control access by remote 
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computers to LUNs within a disk array. This access table can be argued to correspond to the 

access table described in the current application and referred to in Claims 1 and 6. It is 

unrelated, however, to the currently claimed supplemental access table, which, as Applicants' 

representative has carefully described above, controls access by CDLUNs within a disk array, 

essentially the disk-array controller itself, to LUNs within the disk array. Nothing in Sicola 

teaches, discloses, suggests, or even hints at controlling access by disk-array controllers, 

through CDLUNs, to LUNs within a disk array. In short, what the Examiner has pointed to 

as describing a supplemental access table in fact discloses and teaches an access table. 

The Examiner additionally references the Schultz reference. The Schultz 

reference, just as the Windows NT reference and the Tulloch reference, is directed to PC 

operating systems and distributed file systems, and is unrelated to mass-storage devices and 

mass-storage-device controllers, such as disk arrays and disk-array controllers. Again, the 

Examiner appears to equate files controlled by assess lists within a file system to logical units 

controlled by access tables in a disk array. The analogy is not justified. File systems are not 

mass-storage devices. Instead, file systems are implemented by operating systems using 

primitive I/O calls directed to mass-storage devices. Consider, for example, Schultz's 

description of access control lists, in the last paragraph on page 360: 

As in the case of Windows NT 4.0 and earlier, objects, schemas, and so on in 
Windows 2000 have access control lists (ACLs) with access control entries (ACEs). 
Access by users and programs is allowed or denied on the basis of ACEs. The SRM 
validates attempted access to objects, data in Active Directory, and so forth by 
determining whether the rights and permissions assigned to the user match the ACE 
requirements. 

In other words, as discussed in the above argument related to Issue 1 , access control lists are 
file system objects that map users to access rights, and provide selective user access to files, 
objects, schemas, and other operating and file system entities, users generally being human 
users of computers managed by operating systems and including file system interfaces for 
storage of user-level objects and application program and operating-system data. ACLs do 
not control access by remote entities to LUNs provided by a mass storage device. ACLs are 
unrelated to low-level, mass storage device access by host computers. Moreover, the ACLs 
described by Schultz are single-level data structures. Schultz does not mention or suggest a 
supplemental ACL for access during authorizations of access to special objects or entities. 
As with Tulloch and Windows NT, Schultz is completely unrelated to the current application 
and claims. 
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Thus, the combination of Schultz with Sicola arguably teaches an access table 
within a mass storage device for use in authorization of access to LUNs provided by the mass 
storage device. Again, the Examiner has failed to establish a prima facie case for 
obviousness, because neither Schultz, Sicola, nor a combination of Schultz and Sicola 
teaches, mentions, or suggests "a supplemental access table that includes entries that each 
represents authorization of a particular control device logical unit to access a particular logical unit," 
a supplemental access table of any kind, any kind of data structure containing entries that represent 
authorization of a particular control device logical unit to access a particular logical unit, control 
device logical units, or a two-step authorization method employing both an access table and a 
supplemental access table. 

CONCLUSION 

The Examiner has failed to establish a prima facie case for obviousness. In 
three different obviousness-type rejections and in citing four different references, the 
Examiner has succeeded in citing only a single relevant reference that teaches access tables 
used in a LUN-based mass storage device, a well-known structure that is also described, in 
detail, in the Background of the Invention section of the current application. No single cited 
reference or combination of the cited references teaches, mentions, or suggests "a 
supplemental access table that includes entries that each represents authorization of a particular 
control device logical unit to access a particular logical unit," a supplemental access table of any 
kind, any kind of data structure containing entries that represent authorization of a particular control 
device logical unit to access a particular logical unit, control device logical units, or a two-step 
authorization method employing both an access table and a supplemental access table. 


